Skip to main content

Hi,

From reading the Javadocs I gather that, by obtaining an authorization code on behalf of a user (in my case an admin), then creating a BoxAPIConnection(clientid, clientSecret), and finally calling connection.authenticate(code), I will have obtained all the tokens that are necessary for making (at least immediate) API calls.

But, although the BoxAPIConnection does automatic 'access' token refreshes, what happens to the 'refresh' token (which normally would expire in 60 days). Can the connection be trusted to refresh this automatically too? (let's say that my app saves the stored connection state -using the sdk- and whenever it restarts, it creates a new connection restoring this saved state). Would be great if somebody could enlighten me on this, as I am not able to find any documentation on it (although I was able to see some hooks for refreshing a 'refresh' token in the deprecated APIs that used BoxClient and other classes, etc.). 

Thanks!

 

 

 


The Java SDK does not automatically refresh tokens.


 


Refresh tokens can't automatically be refreshed. When a refresh token expires, it’s the equivalent of being automatically logged out, so the user will need to go through the OAuth login flow again.


I've had to refresh the token if it needs refreshing like this...

 

private static BoxAPIConnection getBoxAPIConnection(String client_id, String client_secret, String token, String refresh_token, String stateConfPath) {



        String state = null;

        try {

            logger.info("Getting state.conf: " + stateConfPath + "/state.conf");

            InputStream fis = new FileInputStream(stateConfPath + "/state.conf");

            InputStreamReader isr = new InputStreamReader(fis, Charset.forName("UTF-8"));

            BufferedReader br = new BufferedReader(isr);

            state = br.readLine();

        }

        catch (FileNotFoundException f) {

            try {

                // create file if it doesn't exist

                PrintWriter writer = new PrintWriter(stateConfPath + "/state.conf", "UTF-8");

                writer.println("");

                writer.close();

            }

            catch (Exception w) {

                logger.fatal("Exception", w);

            }

        }

        catch (IOException e) {

            logger.fatal("IOException", e);

        }



        BoxAPIConnection api = null;



        //if (null == state || "".equals(state)) {

        if (!token.equals("") && !refresh_token.equals("")) {

            api = new BoxAPIConnection(client_id, client_secret, token, refresh_token);

        } else {

            logger.info("Restoring state..." + state);

            api = BoxAPIConnection.restore(client_id, client_secret, state);

            if (api.needsRefresh()) {  // this is not a reliable call.  It can still throw a 401 below

                logger.info("api refreshing...");

                api.refresh();

            }

            else {

                logger.info("api good...");

            }

        }



        return api;

    }

Reply


Terms & ConditionsCookie settings